from the get-things-up-to-speed dept

Well, this is disappointing. Back in September, we were happy to see both Apple and Google announced that their mobile platforms would be encrypted by default (for local storage, not for data transmissions), which has kicked off something of a new round of Crypto Wars, as law enforcement types have shoved each other aside to spread as much possible FUD about the "dangers" of mobile encryption (ignoring that they also recommend mobile encryption to keep your data safe).

However, as Ars Technica reported earlier this week, it appears that while Google is encrypting by default on its own Nexus phones that have the latest Android (Lollipop), it slightly eased back the requirements for its OEM partners such as Motorola and Samsung who make their own devices. Default encryption is now "very strongly RECOMMENDED" rather than required. And even with that "very strong RECOMMENDATION," it appears that neither Samsung or Motorola are enabling default encryption on its latest devices.

While some will likely jump to the conclusion that law enforcement pressure is at work here, a much more likely explanation is just the performance drag created by encryption. Last fall, Anandtech did some benchmarking of the Nexus 6 both with encryption on and off, and as the site itself says, the results are "not pretty." Given the competitive market, there's a decent chance that the big phone manufacturers didn't want to get bad benchmark ratings when phones are compared, and those made the decision to go against the "very strong recommendation."

Hopefully this gets sorted out quickly, as phonemakers can optimize new phones for encryption. And, honestly, as the Anandtech report itself notes, these benchmarks are basically meaningless for real world performance:

The real question we have to ask is whether or not any of these storage benchmarks really matter on a mobile device. After all, the number of intensive storage I/O operations being done on smartphones and tablets is still relatively low, and some of the situations where NAND slowdowns are really going to have an effect can be offset by holding things in memory.

But, it appears, while mobile phone makers don't want to take the chance of bad benchmarks hurting their reputation, they're less concerned about leaving consumers' data exposed.

It's disappointing that this is where things are today, after so much focus on default encryption just a few months ago, but hopefully it's just a temporary situation and we'll get to default encryption very, very soon.

More than once, the government was forced to rewrite its requests, and on one memorable occasion, it went "judge shopping" in hopes of obtaining the signature Facciola wouldn't give it, only to be rebuffed by the unamused judge on the opposite coast.

Zoe Tillman of the National Law Journal has a fascinating interview with the retired judge. Facciola was one of the few magistrates who actively attempted to understand the legal nuances inherent to today's interconnected world. According to Facciola, magistrate judges who allow technological advances to pass them by aren't doing the public any favors by not staying current. Law enforcement has moved on, and it's tough to act as a check against overreach if you don't understand the subject matter. The mental image of investigators dusting for fingerprints and tossing suspects' residences is completely outdated. Investigative work now involves -- almost exclusively -- more ethereal methods.

When asked how his job had changed since he took his post in 1997, Facciola responded:

[I]n March 2012, my criminal month, at the end of the month I realized something: I had not issued a warrant or an order for anything that was tactile. Everything I issued was for some form of electronically stored information. Whether it was a Facebook account or cell site information.

You almost look forward to the day when a guy will just want to break a door down and go in and get cocaine. Those days are gone forever apparently.

This would explain law enforcement's outspoken opposition to any form of electronic encryption. Today's law enforcement agencies seemingly have little stomach for old-fashioned police work. Searching something "tactile," like a suspect's residence, is almost always an afterthought. These agencies would rather dig through every communication they can obtain before they even think about utilizing methods that have worked for years. (And default mode for today's law enforcement has shifted the approach to physical searches as well. Increasingly, handling the "tactile" means going "tactical" with no-knock warrants, military rifles, full body armor, repurposed mine-resistant vehicles and a hell of a lot of guys shouting contradictory instructions/firing weapons in contradictory directions within moments of the "breach.")

This nearly-exclusive focus on digital searches poses a problem for the magistrates charged with vetting warrants for Constitutionality, not the least of which are the outdated laws and guidelines governing searches of citizens' communications and data. And this can't be fixed by the courts themselves.

[T]he problem is not a judicial one, the problem is Congress has not looked at the Stored Communications Act since 1986. My gosh. 1986. [...] If you look at the opinions about the Stored Communications Act, they are some of the most complicated opinions you will see because it's a classic example of the square peg not fitting in the round hole… There [is] out there a lot of wonderful thinking about how the act could be amended to bring it kicking and screaming into the 21st century. But no movement by Congress. That's deeply troubling.

Not that the judicial system hasn't tried. It's just that the conclusions are still unclear and mainly deal with warrantless searches. The Sixth Circuit Court ruled that email contents are covered by the Fourth Amendment, contrary to the claims of those who rely on the outdated SCA. The Supreme Court had a chance to weigh the SCA against the Fourth Amendment in 2010, but chose to carefully avoid the subject. So, if it's to be fixed, it's up to Congress, and there is only a very slim chance that it will be willing to alter a law so thoroughly exploited by law enforcement and intelligence agencies, even given the events of the past couple of years.

Particularization is what's needed in the digital realm, according to Facciola, but that's clearly not what the government wants. It wants to dump peoples' computers and devices on the metaphorical carpet and root through the pile until it finds what it's looking for. (Or, as has happened frequently, find something it wasn't looking for and pursue that angle instead/in addition, occasionally necessitating additional warrants.)

Particularized searches of ethereal contents is easier said than done, especially when one half of the parties involved has no interest in limiting its searches. Facciola has suggested searches of this type be handled by the third party that holds the data, but that has been shot down by other judges as "impractical." Facciola additionally suggests wholly separating the search team and the evidence review team (using a "Chinese wall") to help assure the search won't exceed the limitations provided by the warrant. The last resort is still the front line, however.

The third solution… is more careful supervision of the conduct of the search by the magistrate judge.

That's where Facciola fit in. He challenged the government on its broad search requests and forced it to reconsider its tactics. Unfortunately, there's usually been another judge willing to grant warrants that don't meet the standards of more demanding magistrates.

In his parting comment, Facciola points out that judges aren't the only technologically-resistant participants in the judicial system. Those on the other side of the bench have their issues as well.

We have to get across to lawyers that they really have to read outside of their fields. Every day I read the tech section of The New York Times. I find almost every article has to do with the law. And that's an important thing.

I learned from [a law professor] that — did you know this? — the telephone was in existence for 10 years before lawyers started to use it. They thought it was beneath their dignity. You wondered, did they use the elevator?

from the irony dept

Back in January, we pointed out that just after US and EU law enforcement officials started freaking out about mobile encryption and demanding backdoors, that China was also saying that it wanted to require backdoors for itself in encrypted products. Now, President Obama claims he's upset about this, saying that he's spoken directly with China's President Xi Jinping about it:

In an interview with Reuters, Obama said he was concerned about Beijing's plans for a far-reaching counterterrorism law that would require technology firms to hand over encryption keys, the passcodes that help protect data, and install security "backdoors" in their systems to give Chinese authorities surveillance access.

"This is something that I’ve raised directly with President Xi," Obama said. "We have made it very clear to them that this is something they are going to have to change if they are to do business with the United States."

This comes right after the US Trade Rep Michael Froman issued a statement criticizing China for doing the same damn thing that the US DOJ is arguing the US should be doing:

U.S. Trade Representative Michael Froman issued a statement on Thursday criticizing the banking rules, saying they "are not about security – they are about protectionism and favoring Chinese companies".

"The Administration is aggressively working to have China walk back from these troubling regulations," Froman said.

Just last week, Yahoo's chief security officer Alex Stamos raised this exact issue with NSA director Admiral Mike Rogers, asking if Rogers thinks it's appropriate for tech companies to build backdoors for other countries if they build them for the US. Rogers ignored the question, just saying "I think we can work our way through this," which is not an answer. And now we're "working our way through this" by having to deal with other countries, such as China, leaping at this opportunity.

And the week before, President Obama himself claimed that he was all for strong encryption, but argued that there were tradeoffs worth discussing, and that some in his administration believed that demanding backdoors made sense to try to stop terrorist attacks. But it's tough to see how he can claim that it's okay to entertain those ideas on the one hand, while using the other hand to try to slap China for doing the exact same thing.

As security researcher Matthew Green rightly points out, "someday, US officials will look back and realize how much global damage they've enabled with their silly requests for key escrow." But that day is apparently not today.

The administration keeps bleating on and on about how China is a massive cybersecurity "threat" out there, and then hands the country this massive gift by having a kneejerk reaction to better encryption that protects American citizens.

from the content-(management)-is-king dept

Techdirt has long operated on a homegrown content management system, but while we've been considering a switch to something open like Wordpress, many other media companies have been building their own proprietary platforms. What are the pros and cons of each approach, and are proprietary platforms necessary to be a "serious" media company in today's landscape?

from the paint-me-a-picture dept

At this point, we probably don't need any more evidence that the emergence of publicity rights and its conflation with other forms of intellectual property, such as copyright, is a festering cancer in our culture that we'd do well to excise post-haste. Still, necessity isn't the mother of these stories that keep on a-coming anyway. The most recent example of how stupid this all has become is a small Connecticut town taking down a donated painting that includes an image of Mother Teresa over intellectual property concerns. More frustrating is how neutered the press covering the issue is in competently discussing the validity of the issues being raised.

Trumbull officials have temporarily removed artwork displayed at the public library over concerns that the use of Mother Teresa's image in the painting infringes on copyright. The painting, which Dr. Richard Resnick donated to the library, shows Mother Teresa and other women marching, holding signs that say messages including "Planned Parenthood," "Mission of Charity," "Feed the Poor," "Remember The Ladies," "Hospital Reform" and "Right to Vote," among others.

Let's get the easy stuff out of the way. Resnick had ownership of the painting when he donated it. There wouldn't be a valid copyright claim here even if the original artist was among those raising the issue, which doesn't appear to be the case. The library has every right to display the image. There aren't any copyright questions at all. All the reports this author has seen identify only "independent organizations" as claiming there is a copyright issue here at all. Should the actual claims center instead on publicity rights instead of copyright, that claim, too, would fail. First, there is no commercial use here. It is a painting rightfully owned and then donated to a municipality. Mother Teresa is a public and historical figure. And, again, there has been no indication that the estate of Anjeze Bojaxhiu, commonly known as Mother Teresa of Calcutta, is among those raising the issue. There is simply no applicable intellectual property concern here.

However, it seems that everyone involved (perhaps including the reporter) has no clue about any of this:

"Our initial research has shown that there is a doctorate of ‘Fair Use’ which allows a party to depict even someone of a public nature when it’s not designed for any commercial purpose," he explained.

It would be nice to be able to get a "doctorate" in "fair use" but it's likely the guy means (or even said) "doctrine." And while "commercial purpose" may have an impact on a fair use analysis it's not the only factor. But, more importantly, fair use isn't even an issue here because there's no copyright issue at all.

The town opted to remove the painting because the library lacks a written agreement with Resnick to protect the town against "any potential liability" from the copyright violation allegation, Herbst said.

“After learning that the Trumbull Library Board did not have the proper written indemnification for the display of privately-owned artwork in the Town’s library, and also being alerted to allegations of copyright infringement and unlawful use of Mother Teresa’s image, upon the advice of legal counsel, I can see no other respectful and responsible alternative than to temporarily suspend the display until the proper agreements and legal assurances are in place,” Herbst said in a written statement.

And, so, until such a time as the town and the donor can formalize a written agreement protecting themselves against all of this stupidity, stupidity prevails. It's hard to fault Trumbull officials too much for getting their protective documentation in place, I suppose. This is America, after all, the land of the lawsuit. Still, it's a tough pill to swallow to see a public entity bow even temporarily to the pressure of outside parties that have no standing, or apparent familiarity with the actual legal statutes they're pushing. Because, while none of the reports are naming the "independent organizations", everyone pretty much knows what's going on here. Resnick's attorney explains it nicely.

Elstein speculates that the controversy may have more to do with Catholic leaders' recent objections to Mother Teresa being depicted alongside a woman holding a "Planned Parenthood" sign.

Ah, so again intellectual property gets used to silence speech. Anyone still want to pretend that copyright and publicity rights aren't the favored tools of censors everywhere?

Hillary Rodham Clinton exclusively used a personal email account to conduct government business as secretary of state, State Department officials said, and may have violated federal requirements that officials’ correspondence be retained as part of the agency’s record.

Mrs. Clinton did not have a government email address during her four-year tenure at the State Department. Her aides took no actions to have her personal emails preserved on department servers at the time, as required by the Federal Records Act.

This is dumb on many, many levels and there appears to be no excuse for it happening. First off, using a personal email as Secretary of State seems like a massive privacy and security risk. While one hopes that there was at least some attempt to better secure her personal account by government security experts, it's still almost certainly less secure. Given how much sensitive information the Secretary of State has to deal with, it seems inexcusable that she was allowed to conduct official business via her personal account. That to me seems like an even bigger deal than the part that everyone else is focused on: the failure to preserve her emails as required by law.

Of course, the failure to preserve the emails is a big deal as well. But here's the really stunning thing: there is simply no way that Clinton and others in the administration didn't know that she was supposed to be using a government email address and preserving those emails. That's because both the previous administration and others in her own administration got in trouble for using personal email addresses. As Vox notes, towards the end of the Bush administration there was a similar scandal involving a variety of high level administration members using personal email to conduct government business and to avoid transparency requirements.

That scandal unfolded well into the final year of Bush's presidency, then overlapped with another email secrecy scandal, over official emails that got improperly logged and then deleted, which itself dragged well into Obama's first year in office. There is simply no way that, when Clinton decided to use her personal email address as Secretary of State, she was unaware of the national scandal that Bush officials had created by doing the same.

That she decided to use her personal address anyway showed a stunning disregard for governmental transparency requirements. Indeed, Clinton did not even bother with the empty gesture of using her official address for more formal business, as Bush officials did.

But that's not all. What the Vox report doesn't note is that the scandal actually carried over to the Obama administration also, as the White House's first Deputy CTO was reprimanded for using his personal email address as well, early in 2010. So there was both a scandal about the similar use of private email accounts in the previous administration and in the Obama administration. It's impossible to believe that Clinton or the other key people who worked for her in the State Department were unaware of one or both of these issues while she was using her personal email address.

While the White House's email system may be clunky and annoying to use (as I've heard repeatedly), there's simply no excuse for Clinton not to have used it at all -- and for the emails she did send not to be preserved as required under the law. A few years ago, we mocked Homeland Security boss Janet Napolitano for refusing to use email entirely -- though at least she was upfront about the reason. She didn't want to be held accountable for what she said -- though, the reality was she would still have staff members send emails for her. Clinton appears to have wanted to be free of that accountability as well, but to still have the benefits of direct electronic communication herself. In short, she purposely ignored the law for her own benefit.

[I]n the newly uncovered document (.pdf)—a warrant application requesting approval to use a stingray—FBI Special Agent Michael A. Scimeca disclosed the disruptive capability to a judge.

“Because of the way, the Mobile Equipment sometimes operates,” Scimeca wrote in his application, “its use has the potential to intermittently disrupt cellular service to a small fraction of Sprint’s wireless customers within its immediate vicinity. Any potential service disruption will be brief and minimized by reasonably limiting the scope and duration of the use of the Mobile Equipment.”

Notably, the application (and the magistrate's approval) do not refer to the device by any of the common names (Stingray, IMSI catcher, cell tower spoofer, etc.), but rather as "mobile pen register/trap and trace equipment." While it does admit the device will "mimic Sprint's cell towers," it downplays the potential impact of the device's use.

The fact that Stingray devices disrupt cell service isn't new, but an on-the-record admission by law enforcement is. The warrant application claims that numbers unrelated to the ones being sought will be "released" to other cell towers. The unanswered question is how long it takes before this release occurs.

“As each phone tries to connect, [the stingray] will say, ‘I’m really busy right now so go use a different tower. So rather than catching the phone, it will release it,” says Chris Soghoian, chief technologist for the ACLU. “The moment it tries to connect, [the stingray] can reject every single phone” that is not the target phone.

But the stingray may or may not release phones immediately, Soghoian notes, and during this period disruption can occur.

The problem with the so-called "release" is related to the amount of disruption that occurs when the device is used. Advances in cell technology have surpassed the ability of Stingray devices to capture calling info and location data. Upgrades are available and law enforcement agencies are scrambling to get their cell tower spoofers up-to-date, but the general process still involves "dumbing down" everyone's connection to the least secure and most easily-intercepted connection: 2G.

In order for the kind of stingray used by law enforcement to work, it exploits a vulnerability in the 2G protocol. Phones using 2G don’t authenticate cell towers, which means that a rogue tower can pass itself off as a legitimate cell tower. But because 3G and 4G networks have fixed this vulnerability, the stingray will jam these networks to force nearby phones to downgrade to the vulnerable 2G network to communicate.

If a device is in operation nearby, all calls that can't find a better connection will be routed to the cell tower spoofer. This means calls won't be connected, texts won't be sent/received and internet service will be knocked offline. While Stingrays are supposed to allow 911 calls to pass through without interruption, these are far from the only type of "emergency" communications. If the device is deployed for any considerable length of time, citizens completely unrelated to the criminal activity being investigated may find themselves unable to communicate.

And while the targeted number apparently belonged to Sprint, the warrant application notes that all service providers in the area will be asked to turn over a large amount of subscriber information.

[D]irecting AT&T, T-Mobile U.S.A., Inc., Verizon Wireless, Metro PCS, Sprint-Nextel and any and all other providers of electronic communication service (hereinafter the "Service Providers") to furnish expeditiously real-time location information concerning the Target Facility (including all cell site location information but not including GPS, E-911, or other precise location information) and, not later than five business days after receipt of a request from the Federal Bureau of Investigation, all information about subscriber identity, including the name, address, local and long distance telephone connection records, length of service (including start date) and types of service utilized, telephone or instrument number or other subscriber number or identity, and means and source of payment for such service (including any credit card or bank account number), for all subscribers to all telephone numbers, published and nonpublished, derived from the pen register and trap and trace device during the 60-day period in which the court order is in effect…

This request seems to run contrary to what's asserted earlier in the warrant application, in reference to the Stingray device itself.

In order to achieve the investigative objective (i.e., determining the general location of the Target Facility) in a manner that is the least intrusive, data incidentally acquired from phones other than the Target Facility shall not be recorded and/or retained beyond its use to identify or locate the Target Facility.

It appears there is a "catch-and-release" policy when it comes to Stingray devices, but the FBI's data request to every cell phone service provider in the area contains no such assurances about minimization. Additionally, the request for data on "all subscribers to all telephone numbers" covers a 60-day period, while the use of the tower spoofer is limited to two weeks.

So, not only did the FBI potentially disrupt cell service while searching for the robbery suspects, it also collected a massive amount of data on every subscriber whose phone happened to connect with its fake tower. It's not really "catch-and-release" if additional call/location data on unrelated subscribers is obtained from from other providers. This broad request was granted without question or additional stipulations by the magistrate judge -- the only limitation applied (in a handwritten addition, no less) being that the FBI would not be able to use the device "in any private place or when they have reason to believe the Target Facility is in a private place." (This falls in line with the FBI's "warrant requirement," which is written in a way that ensures the FBI will never have to seek a warrant for Stingray use.)

The FBI, along with other law enforcement agencies, has refused to answer questions about the disruptive side effects of Stingray device usage. With the unsealing of this document, their silence no longer matters. These agencies are well aware of these devices' capabilities -- something they're clearly not comfortable discussing. The excuses deployed routinely involve "law enforcement means and methods" and claims about "compromising current and future investigations," but with more heat being applied by the nation's legislators, this code of silence may finally be broken. The use of these devices -- despite being fully aware that critical communications may be at least temporarily prevented -- sends a continual implicit message to the public: your safety and well-being is subject to law enforcement's needs and wants.

from the oh-really-now? dept

If you were the Secretary of Defense of a large country, you might think you'd be slightly concerned that foreign agents would want to spy on you. Not so down in Australia apparently, where the current Secretary of Defense, insists that he'd be "surprised" if anyone wanted to find out what was on his phone. Seriously.

We've written about the recent story, revealed in documents leaked by Ed Snowden, that the NSA and GCHQ were able to hack into the systems of Gemalto, the world's largest maker of SIM cards for mobile phones, and obtain the encryption keys used in those cards. While Gemalto insists that the hack didn't actually get those encryption keys, not everyone feels so comfortable with Gemalto's own analysis of what happened.

Senator Scott Ludlam (who we've written about a few times before) reasonably found the story of the Gemalto hack to be concerning, and went about asking some questions of the government to find out what they knew about it. The results are rather astounding. First he had asked ASIO, the Australian Security Intelligence Organization, and they said it wasn't their area, but it might be ASD (the Australian Signals Directorate). The video below shows Ludlam asking the ASD folks for more information about the hack and being flabbergasted that they basically say they haven't even heard about the hack at all:

Right at the beginning, the first person says he's not aware of the situation, and Ludlam asks "are you aware of the broad outlines?" and gets a "no I am not" response, leading to a rather dry "Really?!? Okay, this is going to be interesting" reply from Ludlam. It goes on in this nature for a while, with the various people on the panel playing dumb, and Ludlam repeatedly (and rightly) appearing shocked that they appear to have no idea about the story.

But the really incredible part comes in the last minute of the video, in which Ludlam asks the Australian Secretary of Defense, Dennis Richardson, about his own concerns about his phone being spied on:

Ludlam: Do you use an encrypted phone, Mr. Richardson?

Richardson: No, I don't.

Ludlam: Right. Okay. Do you use a commercial -- I'm not asking you to name names -- but do you use a commercial telecommunications provider?

Richardson: Yeah, yeah, yes.

Ludlam: So there might be a SIM card in your phone or mind. Does this alarm you at all?

Richardson: No.

Ludlam: No?

Richardson: No.

Ludlam: Why is that?

Richardson: Well, because I don't particularly deal with people who... if anyone wants to listen to my telephone calls they can. I'd be surprised if they do, but I don't particularly have conversations which I'm particularly worried about.

[Laughter all around the room]

Ludlam: So it's okay if foreign spooks have hacked every mobile handset in the country because you don't have anything in particular...

Richardson: It's possible some might try to.

Ludlam: It's possible some just have.

Richardson: [shrugs] Well, it's possible.

So there you have it, folks. The Australian Secretary of Defense says that anyone is allowed to listen in to his calls, because there's nothing secret about any of them. I'm not quite familiar with public records/freedom of information laws in Australia, but is it possible for someone to put in a request for recording all of the Secretary of Defense's phone calls?

from the not-just-packet-collisions dept

It would be an understatement to say that net neutrality has been in the news quite a lot recently. One of the supposed arguments against it is that requiring all data packets to be treated equally within a connection will prevent companies from offering us a cornucopia of "specialized services." The main example cited is for medical applications -- the implication being that if net neutrality is required, people are going to die. Speaking at the Mobile World Congress that is currently underway, Nokia's CEO Rajeev Suri has come up with a novel variation on that theme, as reported by CNET (via @AdV007):

Suri emphasises that self-driving cars need to talk over wireless networks fast enough to make decisions with the split-second timing required on the roads. "You cannot prevent collisions if the data that can prevent them is still making its way through the network", said Suri, discussing Nokia's drive toward instantaneous low-latency communication across the network.

Yes, according to Suri, there are going to be terrible pile-ups on the roads unless we get rid of net neutrality. Leaving aside the fact that low-latency communications across the internet will come anyway -- if there's one thing that's certain in the world of digital technology, it's that everything gets faster and cheaper -- there's another problem with this argument.

Self-driving cars that are so reliant on such guaranteed, high-performance networks are hardly going to be very resilient in real-life situations -- and certainly not the kind of system that the public will want to entrust with the lives of themselves and their families. If self-driving cars are to be widely accepted, one of their key features must be the ability to work safely even with the flakiest of internet connections. Suri's attempt to use this emerging technology as a weapon against net neutrality instead undermines the argument for self-driving cars themselves.

from the promises-promises dept

Capcom's never really had much of a consumer-friendly reputation. Between being all about SOPA and utilizing innovative DRM measures such as "You only get one save file per game cartridge ever at all," it would be tough for the company to claim some kind of goodwill dividend should it screw up and find the need for one. And, boy, could Capcom ever use such a dividend amongst PC gamers right now.

The screw up was advertising on Steam that the RE-reboot, Resident Evil Revelations 2, would include a local, split-screen co-operative mode, selling the game under the umbrella of that promise, and then revealing only after sales had begun that local co-op had never been planned for the PC version of the game.

Owners of the PC version of Capcom's action horror game Resident Evil Revelations 2 have discovered that, unlike the console versions, it does not include local co-op - despite advertisements claiming it would.

The game's Steam page had promised offline co-op as part of a bullet point list of features. However, the Steam page was recently amended to state the PC version does not support offline co-op play in the Campaign or Raid mode. (Raid mode, it should be noted, will support online co-op shortly after launch via a patch.) Confusingly, the "assistive co-op play" bullet point that mentions offline co-op remains on the Steam page.

I'm not a lawyer, but I'm fairly certain that advertising a game to a passionate fan-base as having a much-wanted feature and then yanking the rug out from under those fans only after sales had begun is not only a PR nightmare, it's a legal no-no as well. And, of all people to pull this on, passionate PC gamers may be the worst targets. This is a group that expects to be treated as much like desired customers as console-owners and, because the PC gaming landscape is littered with differences between its games and those that appear on consoles, it's a group that tends to pay very close attention to the specifics about the features of the games they buy. Not the kind of group, in other words, that you could pull this kind of false advertisement on and actually get away with it.

Perhaps worse, the tone-deaf defiant and non-apologetic nature of Capcom's response isn't going to help matters.

Here's Capcom's statement in full:

"The PC version of Resident Evil Revelations 2 supports a variety of customisable visual settings and resolutions. The decision to prioritise a single local screen was made to ensure a stable user experience across a variety of different PC settings and devices. Raid mode will support online co-op shortly after launch when a free patch is available for players to download which adds this feature, but the main campaign on PC will only be available to play in single local screen."

Great, except none of that was the point or cause of the outrage. You told consumers there was a feature in the game at the time of purchase, then revealed that feature was not now or ever planned to be included post-purchase. That's shitty. Come out with refunds and an actual apology next time.